VAR-200107-0147
Vulnerability from variot - Updated: 2023-12-18 13:26SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Atmel is a chip design and manufacturing firm that provides various RF-based products to corporate consumers. Atmel manufactures firmware for various wireless access systems. It is possible to gain SNMP access to some wireless access points that use the Atmel chipset and firmware. These systems do not use sufficient access control, and allow reading/writing of MIB data with any community password. This makes it possible for a remote user to gain access to sensitive information, and potentially launch an information gathering attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200107-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wap11",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "me102",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "*"
},
{
"model": "802.11b vnet-b access point",
"scope": "lte",
"trust": 1.0,
"vendor": "atmel",
"version": "1.3"
},
{
"model": "802.11b vnet-b access point",
"scope": "eq",
"trust": 0.6,
"vendor": "atmel",
"version": "1.3"
},
{
"model": "",
"scope": "eq",
"trust": 0.3,
"vendor": "atmel",
"version": "1.3"
},
{
"model": "",
"scope": "ne",
"trust": 0.3,
"vendor": "atmel",
"version": "1.4"
}
],
"sources": [
{
"db": "BID",
"id": "2896"
},
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:atmel:802.11b_vnet-b_access_point:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wap11:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netgear:me102:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0514"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced in an IIS X-Force Security Advisory on June 20, 2001.",
"sources": [
{
"db": "BID",
"id": "2896"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
],
"trust": 0.9
},
"cve": "CVE-2001-0514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3329",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200107-135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3329",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3329"
},
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Atmel is a chip design and manufacturing firm that provides various RF-based products to corporate consumers. Atmel manufactures firmware for various wireless access systems. \nIt is possible to gain SNMP access to some wireless access points that use the Atmel chipset and firmware. These systems do not use sufficient access control, and allow reading/writing of MIB data with any community password. \nThis makes it possible for a remote user to gain access to sensitive information, and potentially launch an information gathering attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "BID",
"id": "2896"
},
{
"db": "VULHUB",
"id": "VHN-3329"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2896",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-0514",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135",
"trust": 0.7
},
{
"db": "ISS",
"id": "20010620 MULTIPLE VENDOR 802.11B ACCESS POINT SNMP AUTHENTICATION FLAW",
"trust": 0.6
},
{
"db": "XF",
"id": "6576",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3329",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3329"
},
{
"db": "BID",
"id": "2896"
},
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"id": "VAR-200107-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3329"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:16.438000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2896"
},
{
"trust": 1.7,
"url": "http://xforce.iss.net/alerts/advise83.php"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6576"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6576.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3329"
},
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-3329"
},
{
"db": "BID",
"id": "2896"
},
{
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-3329"
},
{
"date": "2001-06-20T00:00:00",
"db": "BID",
"id": "2896"
},
{
"date": "2001-07-21T04:00:00",
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"date": "2001-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3329"
},
{
"date": "2001-06-20T00:00:00",
"db": "BID",
"id": "2896"
},
{
"date": "2017-10-10T01:29:45.907000",
"db": "NVD",
"id": "CVE-2001-0514"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atmel SNMP Group string vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200107-135"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…